sdm660-common: Cleanup sepolicy

* Fix neverallows

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
This commit is contained in:
clarencelol 2021-07-24 08:08:47 +00:00 committed by pix106
parent 1426027286
commit 5514002bef
3 changed files with 3 additions and 18 deletions

View file

@ -1,17 +1,3 @@
allow hal_power_stats_default sysfs:dir { open read };
allow hal_power_stats_default sysfs:file open;
allow hal_power_stats_default sysfs:file { open read };
allow hal_power_stats_default sysfs_kgsl:file { r_file_perms getattr };
# Needed to traverse odpm files
r_dir_file(hal_power_stats_default, sysfs_iio_devices)
# Needed to traverse platform low power stats
r_dir_file(hal_power_stats_default, sysfs_power_stats)
# The following folders are incidentally accessed by hal_power_stats_default and are not needed.
dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
dontaudit hal_power_stats_default sysfs_power_stats_ignore:file r_file_perms;
dontaudit hal_power_stats_default sysfs:file { open read };
vndbinder_use(hal_power_stats)
add_service(hal_power_stats_server, power_stats_service)

View file

@ -1 +1,2 @@
allow netutils_wrapper netutils_wrapper:capability { kill };
dontaudit netutils_wrapper kernel:system module_request;
dontaudit netutils_wrapper self:capability { sys_module sys_admin };

View file

@ -1,4 +1,2 @@
allow zygote exported_camera_prop:file { open read getattr write };
get_prop(zygote, exported_camera_prop)
allow zygote unlabeled:dir { search };